sdiaz / FOSRestBundleByExample

FOSRestBundle example project with Symfony 2.6 standard distribution
MIT License

Integrate FOSRestBundleByExample with an existing project #11

Open lukeman83 opened 11 years ago

lukeman83 commented 11 years ago

Hi, I read FOSRestBundleByExample and I added the bundles in my projects.

FOSRestBundle, NelmioApiDocBundle, MopaWSSEAuthenticationBundle

I was already using FOSUserBundle. I have a problem. My firewall properties are:

security:
    providers:
        my_fos_facebook_provider:
            id: my.facebook.user          
        fos_userbundle:
            id: fos_user.user_manager
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    firewalls:
        wsse_secured:
            pattern:   ^/api/.*
            stateless:    true
            wsse:
                nonce_dir: null
                lifetime: 300
                provider: fos_userbundle
            anonymous:    true
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                check_path: fos_user_security_check
                login_path: fos_user_security_login
                default_target_path: homepage
            fos_facebook:
                app_url: %facebookAppUrl%
                server_url: %facebookServerUrl%
                login_path: fos_user_security_login
                check_path: _security_check
                default_target_path: homepage
                provider: my_fos_facebook_provider
            logout:
                handlers: ["fos_facebook.logout_handler"]
            anonymous:    true
            switch_user: true

I try to use my api in this way:

First I do a POST request:

localhost/project/web/app_dev.php/security/token/create?_username=a@a.it&_password=aaa

HEADERS:

Accept : application/json
Content-Type : application/x-www-form-urlencoded

I receive response 200 OK:

BODY:
{
"WSSE":"UsernameToken Username=\"a@a.it\", PasswordDigest=\"R82hdPWyV3PoTliW5O1aoSkKRZk=\", Nonce=\"YmUwZDVhNDliNzZiM2QzZA==\", Created=\"2013-05-23T07:57:03+02:00\""
}

Afterwards I call my API with a GET request:

localhost/project/web/app_dev.php/api/something

HEADERS:

Authorization : WSSE profile="UsernameToken"
X-wsse : UsernameToken Username=\"a@a.it\", PasswordDigest=\"R82hdPWyV3PoTliW5O1aoSkKRZk=\", Nonce=\"YmUwZDVhNDliNzZiM2QzZA==\", Created=\"2013-05-23T07:57:03+02:00\"
ACCEPT : application/json

I receive response 403 FORBIDDEN.

What is the error? Many thanks!!!

corpulent commented 11 years ago

@lukeman83

Your X-WSSE string should look like:

X-wsse : UsernameToken Username="a@a.it", PasswordDigest="R82hdPWyV3PoTliW5O1aoSkKRZk=", Nonce="YmUwZDVhNDliNzZiM2QzZA==", Created="2013-05-23T07:57:03+02:00"

Something in this setup, or maybe in Symfony, is escaping double quotes automatically; I am not sure what does that.
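
To check the quoting point offline, here is an added example (not code from this thread or from MopaWSSEAuthenticationBundle) that builds and validates an X-WSSE value with the standard UsernameToken digest. The strict regex, the function names and the `constructed-secret` value are assumptions; the nonce, the timestamp and the 300-second lifetime are taken from the first post.

```python
import base64, hashlib, hmac, re
from datetime import datetime, timedelta
# Strict header grammar: an assumption about how a WSSE listener parses X-WSSE.
WSSE_RE = re.compile(
    r'UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", '
    r'Nonce="([^"]+)", Created="([^"]+)"')
LIFETIME = 300  # seconds, as in "lifetime: 300" in the firewall config above

def make_digest(nonce_b64, created, secret):
    """UsernameToken digest: base64(sha1(decoded nonce + created + secret))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + secret.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def build_header(user, nonce_b64, created, secret):
    """Client side: the header value with plain, unescaped double quotes."""
    return ('UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", '
            'Created="%s"' % (user, make_digest(nonce_b64, created, secret),
                              nonce_b64, created))

def check_header(header, secrets, now):
    """Server side: return (ok, reason); reasons are for debugging only."""
    m = WSSE_RE.fullmatch(header.strip())
    if m is None:
        hint = " (backslash-escaped quotes)" if '\\"' in header else ""
        return False, "malformed header" + hint
    user, digest, nonce, created = m.groups()
    try:
        age = now - datetime.fromisoformat(created)
        expected = make_digest(nonce, created, secrets.get(user, ""))
    except (ValueError, TypeError):
        return False, "bad Created or Nonce value"
    if not timedelta(0) <= age <= timedelta(seconds=LIFETIME):
        return False, "token outside lifetime"
    if user not in secrets or not hmac.compare_digest(digest.encode(), expected.encode()):
        return False, "bad credentials"
    return True, "ok"

def demo():
    created = "2013-05-23T07:57:03+02:00"      # Created value from the issue
    nonce = "YmUwZDVhNDliNzZiM2QzZA=="          # Nonce value from the issue
    secrets = {"a@a.it": "constructed-secret"}  # constructed, not a real secret
    now = datetime.fromisoformat(created) + timedelta(seconds=60)
    good = build_header("a@a.it", nonce, created, secrets["a@a.it"])
    escaped = good.replace('"', '\\"')          # what the failing request sent
    return [check_header(good, secrets, now), check_header(escaped, secrets, now),
            check_header(good, secrets, now + timedelta(seconds=LIFETIME))]

if __name__ == "__main__":
    print(demo())
```

The third result shows a second cause of rejection worth ruling out when debugging: a token replayed after the configured lifetime fails even when its quoting is correct.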